﻿<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<title>EbookAZ</title>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<?php require "../components/head.php" ?>
</head>
<body onload="MakeCurrentPage(1)">
<div id="container">
	<?php require "../components/guest_menu.php" ?>
	<?php require "../components/guest_header.php" ?>
	<div id="content">
		<?php require "../components/content_left.php"?>
		<div id="content_right" align="center">
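			<?php
				/*
				 * Search results page body.
				 *
				 * Reads the keyword from ?txtKey= and the page number from ?page=,
				 * calls sp_GetEbookByKey (one page of books) and sp_CountGetEBookByKey
				 * (total matches), prints the covers in rows of four and then the
				 * pager links.
				 *
				 * Both request parameters and every value read back from the database
				 * are treated as untrusted: numbers are validated as integers before
				 * they reach SQL, and text is HTML-encoded at the point of output.
				 */
				echo "<h1>KẾT QUẢ TÌM KIẾM</h1>";

				// Connect to the database. db.inc is expected to define $host,
				// $username, $password and $dbname.
				// NOTE(review): two connections are opened, presumably because each
				// CALL leaves further result sets pending on its connection — confirm.
				require "../common/db.inc";
				$mysqli = new mysqli($host,$username,$password,$dbname);
				$mysqli_count = new mysqli($host,$username,$password,$dbname);
				if($mysqli->connect_errno || $mysqli_count->connect_errno)
				{
					// Driver error text can reveal host names and account names, so
					// it goes to the server log and the visitor gets a generic line.
					error_log("search page: database connection failed: ".mysqli_connect_error());
					echo "<span class='message'>Connect failed.</span>";
					exit();
				}

				// Set the charset through the client API on BOTH connections and
				// before any escaping: real_escape_string() escapes according to the
				// charset the client library knows about, which a plain
				// "SET NAMES" query does not update.
				$mysqli->set_charset('utf8');
				$mysqli_count->set_charset('utf8');

				// Read the keyword sent by the client. A repeated parameter
				// (txtKey[]=...) arrives as an array and is handled like a missing one.
				$raw_key = isset($_GET['txtKey']) ? $_GET['txtKey'] : '';
				if(!is_string($raw_key) || $raw_key == "")
				{
					// No exit() here, so the rest of the page (footer, closing tags)
					// is still rendered.
					echo "<span class='message'>Không tìm thấy cuốn sách nào thỏa.</span>";
					$mysqli->close();
					$mysqli_count->close();
				}
				else
				{
					// $bookname1 is the keyword as shown to the user and put in links
					// (each output encodes it for its own context); $bookname is the
					// same keyword escaped for use inside a quoted SQL string literal.
					$bookname1 = clean_XSS($raw_key);
					$bookname = $mysqli->real_escape_string($bookname1);

					$numdisplay = 5;
					$books_per_page = 12;
					$max_page = 100000; // arbitrary ceiling; keeps $start inside integer range

					// ?page= must be a positive integer. It is interpolated into the
					// SQL text unquoted (via $start), where string escaping gives no
					// protection, so anything else falls back to page 1.
					$current_page = 1;
					if(isset($_GET['page']))
					{
						$requested_page = filter_var(
							$_GET['page'],
							FILTER_VALIDATE_INT,
							array('options' => array('min_range' => 1, 'max_range' => $max_page))
						);
						if($requested_page !== false)
							$current_page = $requested_page;
					}

					$start = $books_per_page * ($current_page - 1);
					$limit = $books_per_page;

					// NOTE(review): bound parameters (prepare/bind_param) would be
					// preferable to string-built CALL statements; kept as escaped
					// literals here because the result-set handling for CALL depends
					// on the driver build in use.
					$sql_GetEBookByKey = "CALL sp_GetEbookByKey('$bookname',$start,$limit)";
					$sql_CountGetEBookByKey = "CALL sp_CountGetEBookByKey('$bookname')";

					$result = $mysqli->query($sql_GetEBookByKey);
					$count_result = $mysqli_count->query($sql_CountGetEBookByKey);
					if($result === false || $count_result === false)
					{
						// Check both queries (the count query was previously unchecked
						// and would fail later on ->fetch_object()), and keep the
						// server's error text out of the response.
						error_log("search page: query failed: ".$mysqli->errno." ".$mysqli->error." / ".$mysqli_count->errno." ".$mysqli_count->error);
						$mysqli->close();
						$mysqli_count->close();
						die("<span class='message'>Search is temporarily unavailable.</span>");
					}

					// The keyword is data, never a format string: it is concatenated
					// after HTML-encoding rather than embedded in a printf() format,
					// where a "%" typed by the user would be read as a conversion.
					echo "<span style='font-size:14px; color:#0000ff'>Kết quả tìm kiếm cho từ khóa: <b style='color:red'>'".htmlspecialchars($bookname1, ENT_QUOTES, 'UTF-8')."'</b> </span><br/><br/>";

					// Four books per table row. $image is the cover-image base path
					// and is not defined in this block (presumably set by an included
					// file — confirm).
					print("<table width='100%' cellspacing='6'>");
					$column = 0;
					while($row = $result->fetch_object())
					{
						if($column == 0)
							print("<tr>");

						// Values from the database are encoded for the attribute or
						// text context they are written into; a stored title or file
						// name containing quotes or markup stays inert.
						$detail_url = htmlspecialchars('XemChiTietSach.php?id='.urlencode($row->ID), ENT_QUOTES, 'UTF-8');
						$cover_url = htmlspecialchars($image.$row->CoverImage, ENT_QUOTES, 'UTF-8');
						$title = htmlspecialchars($row->Title, ENT_QUOTES, 'UTF-8');
						printf("<td valign='top' align='center' width='%d'><a href='%s'><img src='%s' height='150' width='100' /></a><br/><a href='%s'>%s</a></td>",25, $detail_url,$cover_url,$detail_url,$title);

						$column = ($column + 1) % 4;
						if($column == 0)
							print("</tr>");
					}
					if($column != 0)
						print("</tr>"); // close a last row that has fewer than four books
					print("</table>");

					// The count procedure returns the total in a column named
					// count_result.
					$num_rows = 0;
					while($row = $count_result->fetch_object())
					{
						$num_rows = (int)$row->count_result;
					}
					if($num_rows == 0)
					{
						print("<center><font color='red' size='3'>Không có sách thỏa từ khóa bạn đang tìm</font></center>");
					}
					else
					{
						include '../common/paging.php';
						// The pager receives the URL-encoded keyword, not the
						// SQL-escaped one: backslash escaping is meaningless in a URL
						// and leaves quotes and "&" able to break out of the link.
						// NOTE(review): assumes paging() appends this string to its
						// links as-is — confirm it does not encode it a second time.
						echo paging('../user/timkiem.php', $books_per_page, $numdisplay, $num_rows, $current_page, '&txtKey='.urlencode($bookname1));
					}
					$mysqli->close();
					$mysqli_count->close();
				}
			?>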
		</div>
	</div>
	<?php require "../components/footer.php" ?>
</div>
</body>
</html>

<?php
/**
 * Deletes every "<" and ">" character from the given value.
 *
 * NOTE(review): this removes angle brackets only. Quotes, "&" and "%" pass
 * through unchanged, so the result is not safe to place in an HTML attribute,
 * a URL, a printf() format or SQL without encoding for that context at the
 * point of output.
 *
 * @param mixed $value Text to filter; passed straight to str_replace().
 * @return mixed The value with all "<" and ">" removed.
 */
function clean_XSS($value)
{
	return str_replace(array("<", ">"), "", $value);
}
?>